Demands are increasing. Is your organization ready?
The General Data Protection Regulation (GDPR), whose entry into force occurred in May 2018, is applicable to all organizations operating in the European Union.
The main objective of the General Data Protection Regulation (GDPR) is to ensure respect for each individual’s fundamental right to act on his or her data.
This regulation implies significant changes in the approach to the management of personal data, and has significant penalties associated with events of non-compliance.
The role of the regulators (in Portugal, CNPD – Portuguese Data Protection Authority) changes substantially with the entry into force of this regulation, with them now focusing their efforts on supervisory actions, as opposed to activities of notification and prior approval, as has been the case until now.
Based on the timetable defined by the European Commission, companies should, ensure the necessary changes in their operations (legal, procedural and technological) to comply with the standards present in the GDPR.
PwC seeks to provide its customers with an integrated offer, which includes the regulatory and operating facet, to enable them to adapt their organizations to the GDPR.
The penalties can amount to 20 million euros, or 4% of the total annual turnover. The GDPR applies to all economic sectors in the organizations that hold or use personal data of European citizens inside and outside the EU.